Thursday, May 19, 2005

A story in the Washington Post by Brian Krebs reports on a law-enforcement response to the widely-publicized information thefts, and includes information on how they were accomplished.

"The LexisNexis break-in was set in motion by a blast of junk e-mail. Sometime in February a small group of hackers, many of whom only knew each other through online communications, sent out hundreds of e-mails with a message urging recipients to open an attached file to view pornographic child images. The attachments had nothing to do with child porn; rather, the files harbored a virus that allowed the group's members to record anything a recipient typed on his or her computer keyboard. According to the teenage source, a police officer in Florida was among those who opened the infected e-mail message. Not long after his computer was infected with the keystroke-capturing virus, the officer logged on to his police department's account at Accurint, a LexisNexis service provided by Florida-based subsidiary Seisint Inc., which sells access to consumer data. Other officers' login information may have been similarly stolen, the law enforcement source said...Millions of consumers have been exposed to potential identity theft in 14 major breaches in the past year at various brokers, universities, banks and other institutions. In February, ChoicePoint Inc. said fraud artists had posed as Los Angeles businessmen to access personal information about at least 145,000 people."

1 Comments:

"Hallissey said her sense of privacy has been erased gradually over the past two years as a result of her association with a number of AOLers who playfully bragged to her about their success with social engineering. They showed her online screen shots of her water, gas and electric bills, her Social Security number, credit card balances and credit ratings, pictures of her e-mail inbox, as well as all of her previous addresses, including those of her children.'This was all done not by skilled "hackers" but by kids who managed to "social" their way into a company's system and gain access to it within one or two phone calls,' said Hallissey, who asked that her current place of residence not be disclosed. 'Major corporations have made social engineering way too easy for these kids. In their call centers they hire low-pay employees to man the phones, give them a minimum of training, most of which usually dwells on call times, canned scripts and sales. This isn't unique to T-Mobile or AOL. This has become common practice for almost every company.' "